Get 2FA code

curl --request GET \
  --url https://api.cloudcruise.com/vault/tfa-code \
  --header 'cc-key: <api-key>'

{
  "code": "123456",
  "expires_in_seconds": 23,
  "received_at": "2023-11-07T05:31:56Z"
}

Vault API

Get 2FA code

Retrieves the current two-factor authentication (2FA) code for a single vault entry, identified by permissioned_user_id and domain.

Behavior depends on the credential’s 2FA method:

Authenticator (TOTP): a fresh time-based code is generated from the stored secret. The response includes expires_in_seconds.
Email: returns the most recently received code, provided it arrived within the freshness window (otherwise 404). The response includes received_at.
SMS and magic link: not supported via this endpoint (409). SMS codes arrive at a single shared phone number with no per-credential marker (and the message body often has no service name), so a code cannot be reliably attributed to the requested credential. Use email or authenticator.

The code is returned with Cache-Control: no-store and is never logged.

GET

vault

tfa-code

Get 2FA code

curl --request GET \
  --url https://api.cloudcruise.com/vault/tfa-code \
  --header 'cc-key: <api-key>'

{
  "code": "123456",
  "expires_in_seconds": 23,
  "received_at": "2023-11-07T05:31:56Z"
}

Note:

Both permissioned_user_id and domain are required.

For authenticator (TOTP) credentials, a fresh code is generated and the response includes expires_in_seconds.

For email credentials, the most recently received code is returned if it arrived within the freshness window; otherwise a 404 is returned. The response includes received_at.

SMS and magic-link credentials are not supported on this endpoint (409). SMS codes arrive at a single shared phone number with no per-credential marker (and the message body often has no service name), so they can’t be reliably attributed to the requested credential — use email or authenticator.

Codes are returned with Cache-Control: no-store. Do not log or cache them.

Authorizations

cc-key

string

header

required

API key-based authentication. Provide your CloudCruise API key in the cc-key header.

Query Parameters

permissioned_user_id

string

required

Unique identifier for the vault entry.

domain

string

required

Target domain of the vault entry.

Response

2FA code successfully retrieved.

The current 2FA code for a vault entry. expires_in_seconds is present for authenticator (TOTP) codes; received_at is present for email/SMS codes.

type

enum<string>

required

The 2FA method this code was produced for.

Available options:

authenticator,

email

code

string

required

The one-time code.

Example:

"123456"

expires_in_seconds

integer

Seconds until the authenticator code rotates (authenticator only).

Example:

23

received_at

string<date-time>

When the email/SMS code was received (email/SMS only).

Get vault entries Create vault entry

⌘I